上传文件至 TestDriverController
parent
205e091f02
commit
fcc3a7fde2
|
@ -0,0 +1,66 @@
|
|||
#include <iostream>
|
||||
#include <thread>
|
||||
#include <chrono>
|
||||
#include "kernalinterface.hpp"
|
||||
#include "offset.hpp"
|
||||
|
||||
void ToggleTeam(KernelInterface& Driver, ULONG ProcessID, ULONGLONG address)
|
||||
{
|
||||
constexpr int TEAM_2 = 2;
|
||||
constexpr int TEAM_3 = 3;
|
||||
constexpr int TIMEOUT_LIMIT = 64;
|
||||
constexpr auto SLEEP_DURATION = std::chrono::milliseconds(50);
|
||||
|
||||
int32_t iSpoofNum = TEAM_3;
|
||||
|
||||
std::cout << "[Test] Hey! PWA FUCK U!!!\nOutput:";
|
||||
|
||||
while (true)
|
||||
{
|
||||
uintptr_t LocalPlayerAddress = Driver.ReadVirtualMemory<uintptr_t>(ProcessID, address + 0x1810F48, sizeof(uintptr_t));
|
||||
|
||||
if ((GetAsyncKeyState(VK_RIGHT) & 0x8000)) {
|
||||
iSpoofNum = (iSpoofNum == TEAM_2) ? TEAM_3 : TEAM_2;
|
||||
std::cout << "\n[!] changing m_iTeamNum -> "
|
||||
<< Driver.ReadVirtualMemory<int32_t>(ProcessID, LocalPlayerAddress + 0x3BF, sizeof(int32_t))
|
||||
<< " -> " << iSpoofNum << "\n";
|
||||
Beep(1000, 100);
|
||||
}
|
||||
|
||||
int iTimeOut = 0;
|
||||
while (Driver.ReadVirtualMemory<int32_t>(ProcessID, LocalPlayerAddress + 0x3BF, sizeof(int32_t)) != iSpoofNum && iTimeOut < TIMEOUT_LIMIT) {
|
||||
Driver.WriteVirtualMemory<int32_t>(ProcessID, LocalPlayerAddress + 0x3BF, iSpoofNum, sizeof(int32_t));
|
||||
std::cout << ".";
|
||||
iTimeOut++;
|
||||
std::this_thread::sleep_for(SLEEP_DURATION);
|
||||
}
|
||||
|
||||
std::this_thread::sleep_for(std::chrono::milliseconds(100));
|
||||
}
|
||||
}
|
||||
|
||||
int main()
|
||||
{
|
||||
auto Driver = KernelInterface("\\\\.\\testdriver");
|
||||
|
||||
ULONGLONG address = Driver.GetClientAddress();
|
||||
ULONG ProcessID = Driver.GetProcessID();
|
||||
|
||||
std::cout << "ProcessID: " << ProcessID << std::endl;
|
||||
std::cout << "Addy: 0x" << std::hex << address << std::endl;
|
||||
|
||||
uintptr_t LocalPlayerAddress = Driver.ReadVirtualMemory<uintptr_t>(ProcessID, address + 0x016D5C80, sizeof(uintptr_t));
|
||||
std::cout << "LocalPlayer Address: 0x" << LocalPlayerAddress << std::endl;
|
||||
|
||||
while (true)
|
||||
{
|
||||
if (LocalPlayerAddress)
|
||||
{
|
||||
int32_t iLocalHealth = Driver.ReadVirtualMemory<int32_t>(ProcessID, LocalPlayerAddress + 0x32C, sizeof(int32_t));
|
||||
std::cout << "Local Player Health: " << std::dec << iLocalHealth << std::endl;
|
||||
}
|
||||
Sleep(100);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
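Review bot: `main()` uses `Driver` immediately after `auto Driver = KernelInterface("\\\\.\\testdriver");` without checking that the device opened, so a missing or inaccessible device cannot be told apart from real data. `GetClientAddress()` and `GetProcessID()` return 0 in that case, but `ReadVirtualMemory` has no such check, so the value printed as "LocalPlayer Address" and tested by `if (LocalPlayerAddress)` may be indeterminate. A guard such as `if (Driver.hDriver == INVALID_HANDLE_VALUE) return 1;` before the first IOCTL would make the failure explicit. The file also calls `GetAsyncKeyState`, `Beep` and `Sleep` and uses `int32_t`/`uintptr_t` without including `<Windows.h>` or `<cstdint>` itself; it appears to rely on the transitive include through `kernalinterface.hpp`.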
|
|
@ -0,0 +1,140 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>17.0</VCProjectVersion>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<ProjectGuid>{a92ec5ed-3d9b-4789-a0e3-041240678a1e}</ProjectGuid>
|
||||
<RootNamespace>TestDriverController</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v143</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="TestDriverController.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="communication.hpp" />
|
||||
<ClInclude Include="kernalinterface.hpp" />
|
||||
<ClInclude Include="offset.hpp" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
|
@ -0,0 +1,33 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="TestDriverController.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="communication.hpp">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="kernalinterface.hpp">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="offset.hpp">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
</Project>
|
|
@ -0,0 +1,29 @@
|
|||
#pragma once
|
||||
|
||||
#include <Windows.h>
|
||||
|
||||
#define IO_GET_CLIENTADDRESS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x666, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
|
||||
|
||||
#define IO_READ_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x667, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
|
||||
|
||||
#define IO_WRITE_REQUEST CTL_CODE(FILE_DEVICE_UNKNOWN, 0x668, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
|
||||
|
||||
#define IO_REQUEST_PROCESSID CTL_CODE(FILE_DEVICE_UNKNOWN, 0x669, METHOD_BUFFERED, FILE_SPECIAL_ACCESS)
|
||||
|
||||
typedef struct _KERNEL_READ_REQUEST
|
||||
{
|
||||
ULONG ProcessId;
|
||||
ULONGLONG Address;
|
||||
PVOID pBuffer;
|
||||
ULONG SIZE;
|
||||
|
||||
} KERNEL_READ_REQUEST, * PKERNEL_READ_REQUEST;
|
||||
|
||||
typedef struct _KERNEL_WRITE_REQUEST
|
||||
{
|
||||
ULONG ProcessId;
|
||||
ULONGLONG Address;
|
||||
PVOID pBuffer;
|
||||
ULONG SIZE;
|
||||
|
||||
} KERNEL_WRITE_REQUEST, * PKERNEL_WRITE_REQUEST;
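Review bot: All four control codes are defined with `FILE_SPECIAL_ACCESS`, which the Windows headers define as the same value as `FILE_ANY_ACCESS`, so the I/O manager requires no read or write access on the handle before delivering `IO_READ_REQUEST` or `IO_WRITE_REQUEST`. Because these requests carry a process id, an address, a length and a caller pointer, access control rests entirely on the device object's security descriptor and on validation inside the driver, neither of which is visible on this page. Declaring the data-moving codes with `FILE_READ_ACCESS | FILE_WRITE_ACCESS`, here and in the driver's copy of the definitions, would at least tie them to how the handle was opened. `PVOID pBuffer` also changes width between the Win32 and x64 configurations the project defines, so the request layout is not fixed across builds; a fixed-width field such as `ULONGLONG` would be. The member name `SIZE` collides with the Windows `SIZE` type and would read better as `Size`.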
|
|
@ -0,0 +1,103 @@
|
|||
#pragma once
|
||||
|
||||
#pragma warning ( disable : 6001 4244)
|
||||
|
||||
#include "communication.hpp"
|
||||
|
||||
class KernelInterface
|
||||
{
|
||||
public:
|
||||
HANDLE hDriver;
|
||||
// Constructor for the KernelInterface class.
|
||||
// Initializes the class with a handle to the driver obtained by opening a file.
|
||||
KernelInterface(LPCSTR RegistryPath)
|
||||
{
|
||||
// Open a handle to the driver using CreateFileA.
|
||||
// The handle is stored in the hDriver member variable.
|
||||
hDriver = CreateFileA(RegistryPath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
|
||||
}
|
||||
|
||||
// Function to retrieve the client address from the kernel driver.
|
||||
// Returns 0 if the handle to the driver is invalid or if the IOCTL request fails.
|
||||
ULONGLONG GetClientAddress()
|
||||
{
|
||||
// Check if the handle to the driver is invalid.
|
||||
if (hDriver == INVALID_HANDLE_VALUE)
|
||||
return 0;
|
||||
|
||||
// Variables to store the client address, bytes transferred, and the result of the IOCTL request.
|
||||
ULONGLONG Address;
|
||||
DWORD Bytes;
|
||||
|
||||
// Issue an IOCTL request to the driver to get the client address.
|
||||
// The result is stored in the 'Address' variable.
|
||||
if (DeviceIoControl(hDriver, IO_GET_CLIENTADDRESS, &Address, sizeof(Address), &Address, sizeof(Address), &Bytes, NULL))
|
||||
{
|
||||
// Return the client address if the IOCTL request is successful.
|
||||
return Address;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
ULONG GetProcessID()
|
||||
{
|
||||
if (hDriver == INVALID_HANDLE_VALUE)
|
||||
return 0;
|
||||
|
||||
ULONG ProcessId;
|
||||
DWORD Bytes;
|
||||
|
||||
if (DeviceIoControl(hDriver, IO_REQUEST_PROCESSID, &ProcessId, sizeof(ProcessId), &ProcessId, sizeof(ProcessId), &Bytes, NULL))
|
||||
{
|
||||
// Return the client address if the IOCTL request is successful.
|
||||
return ProcessId;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
template <typename type>
|
||||
type ReadVirtualMemory(ULONG ProcessId, ULONGLONG ReadAddress, SIZE_T Size)
|
||||
{
|
||||
type Buffer;
|
||||
|
||||
KERNEL_READ_REQUEST ReadRequest;
|
||||
|
||||
ReadRequest.ProcessId = ProcessId;
|
||||
ReadRequest.Address = ReadAddress;
|
||||
ReadRequest.pBuffer = &Buffer;
|
||||
ReadRequest.SIZE = Size;
|
||||
|
||||
if (DeviceIoControl(hDriver, IO_READ_REQUEST, &ReadRequest, sizeof(ReadRequest), &ReadRequest, sizeof(ReadRequest), 0, 0))
|
||||
{
|
||||
return Buffer;
|
||||
}
|
||||
|
||||
return Buffer;
|
||||
}
|
||||
|
||||
template <typename type>
|
||||
bool WriteVirtualMemory(ULONG ProcessId, ULONGLONG WriteAddress, type WriteValue, SIZE_T Size)
|
||||
{
|
||||
if (hDriver == INVALID_HANDLE_VALUE)
|
||||
return false;
|
||||
|
||||
DWORD Bytes;
|
||||
|
||||
KERNEL_WRITE_REQUEST WriteRequest;
|
||||
|
||||
WriteRequest.ProcessId = ProcessId;
|
||||
WriteRequest.Address = WriteAddress;
|
||||
WriteRequest.pBuffer = &WriteValue;
|
||||
WriteRequest.SIZE = Size;
|
||||
|
||||
if (DeviceIoControl(hDriver, IO_WRITE_REQUEST, &WriteRequest, sizeof(WriteRequest), 0, 0, &Bytes, NULL))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
};
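Review bot: `ReadVirtualMemory` forwards the caller-supplied `Size` to the driver while the destination is a single `type Buffer` on the stack, so any `Size` larger than `sizeof(type)` asks the driver to write past that object. It also skips the `INVALID_HANDLE_VALUE` check its siblings make and returns the uninitialized `Buffer` on failure. `type Buffer{};` plus `if (hDriver == INVALID_HANDLE_VALUE || Size > sizeof(type)) return Buffer;` would bound the copy and give callers a defined value; the same size check applies to `WriteVirtualMemory`, where `pBuffer` points at the by-value `WriteValue`. `#pragma warning ( disable : 6001 4244)` turns off the uninitialized-memory and narrowing diagnostics that would flag this and the `SIZE_T` to `ULONG` assignment into `SIZE`. The class never calls `CloseHandle` on `hDriver`, the constructor parameter `RegistryPath` is actually a device path, and the comment in `GetProcessID` still says "Return the client address".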
|
File diff suppressed because it is too large